Delf-KWY trojan

I was hit with win32.Delf-KWY today
When I do a boot scan it is recognised but avast! cannot delete or move it to the chest. I can only ignore it.
If you try to delete the files - ravsys.exe and autorun.ini they recreate themselves.
How do I get rid of this trojan if Avast! can’t do it automatically?

Hi, before anything can be done we need to know what you have got.

[list]
[*]Download random’s system information tool (RSIT) by random/random from here and save it to your desktop.
[*]Double click on RSIT.exe to run RSIT.
[*]Click Continue at the disclaimer screen.
[*]Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
[/list]

Hi flicky
This is my information so far about win32.Delf-KWY

Name: Trojan-Downloader.Win32.Delf.kwy

Description:

A trojan-downloader is a tool that downloads a trojan horse. A trojan, also known as a trojan horse, is simply a program that pretends to be something else.

Why are trojans or trojan horses so dangerous? The basic idea is that you download a program, for example one that you think is some sort of game demo. When you run the demo, to your surprise, nothing happens. Or so you thought.

What may have happened is that you’ve just unwittingly run some form of program that has planted itself on your hard drive. Perhaps it’s going to be a very basic application, and simply delete some files on your system. Perhaps it’s an even more sinister tool that will actually give other people full access to your hard drive and system. Sounds ridiculous? It happens literally every single day, to computer users all around the world.

Referrer Site :

http://www.emsisoft.com/en/malware/?Trojan-Downloader.Win32.Delf.kwy

2nd Infection

Name: RAVSYS.EXE

We still have no confirmed information about this, but I can give you the test virus scan of this malicious software.

VirSCAN.org Scanned Report:
Scanner results: 19% Scanner(7/36) found malware!
File Name: RAVSYS.EXE
File Size: 381952 byte
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: ec55fc7a83f60c7683b70e5dbc8e2f24
SHA1: 34d729c7e89ccda6295b34291978b6cd0be091bb
Online report: http://virscan.org/report/14d38180fe2b56c53319272282c7c76b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.17 2008-08-17 6.72 -
AhnLab V3 2008.08.18.01 2008.08.18 2008-08-18 1.23 -
AntiVir 7.8.1.19 7.0.6.26 2008-08-18 2.20 TR/Downloader.Gen
Arcavir 1.0.5 200808171633 2008-08-17 1.22 -
AVAST! 3.0.1 080817-0 2008-08-17 0.74 -
AVG 7.5.51.442 270.6.5/1618 2008-08-18 1.53 -
BitDefender 7.60825.1563568 7.20568 2008-08-18 5.82 Trojan.Crypt.Delf.C
CA (VET) 9.0.0.143 31.6.6035 2008-08-15 4.95 -
ClamAV 0.93.3 8052 2008-08-18 0.06 -
Comodo 2.11 2.0.0.620 2008-08-18 1.10 -
CP Secure 1.1.0.715 2008.08.18 2008-08-18 6.18 -
Dr.Web 4.44.0.9170 2008.08.18 2008-08-18 3.22 -
ewido 4.0.0.2 2008.08.17 2008-08-17 6.52 -
F-Prot 4.4.4.56 20080817 2008-08-17 5.50 W32/Hupigon.G.gen!Eldorado (generic, not disinfectable)
F-Secure 5.51.6100 2008.08.17.03 2008-08-17 0.09 -
Fortinet 2.81-3.11 9.440 2008-08-18 1.82 -
ViRobot 20080816 2008.08.16 2008-08-16 0.40 -
Ikarus T3.1.01.34 2008.08.18.71295 2008-08-18 3.40 Backdoor.Win32.Agent.ahj
JiangMin 11.0.706 2008.08.18 2008-08-18 1.29 -
Kaspersky 5.5.10 2008.08.18 2008-08-18 0.08 -
KingSoft 2008.1.14.15 2008.8.18.17 2008-08-18 0.75 -
McAfee 5.2.00 5362 2008-08-15 3.17 -
Microsoft 1.3807 2008.08.18 2008-08-18 7.39 -
mks_vir 2.01 2008.08.18 2008-08-18 2.63 Win32.4
Norman 5.93.01 5.93.00 2008-08-15 5.06 -
Panda 9.05.01 2008.08.17 2008-08-17 4.83 -
Trend Micro 8.700-1004 5.484.03 2008-08-18 0.14 -
Quick Heal 9.50 2008.08.16 2008-08-16 1.85 -
Rising 20.0 20.58.02.00 2008-08-18 0.96 -
Sophos 2.77.0 4.32 2008-08-18 1.96 -
Sunbelt 3.1.1546.1 2193 2008-08-14 1.08 VIPRE.Suspicious
Symantec 1.3.0.24 20080817.003 2008-08-17 2.22 -
nProtect 2008-08-18.00 1894688 2008-08-18 3.83 Trojan.Crypt.Delf.C
The Hacker 6.2.96 v00396 2008-08-11 0.42 -
VBA32 3.12.8.3 20080817.1524 2008-08-17 2.27 -
VirusBuster 4.5.11.10 10.84.3/598170 2008-08-17 0.92 -

This is another function of the malicious software (Warning!)

<blockquote>File System Modifications

* The following file was created in the system:

Filename(s) File Size File MD5

1 %Windir%\Ravsys.exe
[file and pathname of the sample #1] 381,952 bytes 0xEC55FC7A83F60C7683B70E5DBC8E2F24

Registry Modifications

* The following Registry Key was created:
      o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

* The newly created Registry Value is:
      o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
            + DisableWindowsUpdateAccess = 0x00000001</blockquote>
(This scan shows that the malicious software is none other than malware.)

I suggest you use the following programs to try to remove the malicious software from your system.

1st We have SuperAntiSpyware

Download link

http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

Instruction:
Download the software, then install it. Afterwards, update to the current version, then go to settings and check the Full System Scan (this is very important).
When the program detects the spyware/trojan/malware, delete it. After deletion it will require a system restart.
Then scan again to see if the malicious software came back (just to double check ^_^).

2nd We Have Malwarebytes’

If you follow these instructions, everything should go smoothly.

Please download [url=http://www.besttechie.net/tools/mbam-setup.exe][b]Malwarebytes' Anti-Malware[/b][/url] and save it to a convenient location.

[list]
[*]Double click on [b]mbam-setup.exe[/b] to install it.
[*]Before clicking the [b]Finish[/b] button, make sure that these 2 boxes are checked (ticked):
[list]
[*][b]Update Malwarebytes' Anti-Malware[/b]
[*][b]Launch Malwarebytes' Anti-Malware[/b]
[/list]
[*]Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the [b]Update[/b] tab. Under [b]Update Mirror[/b], select one of the websites and click on [b]Check for Updates[/b].
[*]Select the [b]Scanner[/b] tab. Click on [b]Perform full scan[/b], then click on [b]Scan[/b].
[*]Leave the default options as they are and click on [b]Start Scan[/b].
[*]When done, you will be prompted. Click [b]OK[/b], then click on [b]Show Results[/b].
[*]Check (tick) all items and click on [b]Remove Selected[/b].
[*]After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the [b]Logs[/b] tab. The bottom most log is the latest.
[/list]

Next,

[list]
[*]Download random’s system information tool (RSIT) by random/random from here and save it to your desktop.
[*]Double click on RSIT.exe to run RSIT.
[*]Click Continue at the disclaimer screen.
[*]Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
[/list]

Please post the following:

[list]
[*]The Malwarebytes' Anti-Malware log
[*]The contents of log.txt
[*]The contents of info.txt
[/list]

Hope this helps :3
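
Added example, not part of any post in this thread: a read-only PowerShell check for the indicators quoted above (the `%Windir%\Ravsys.exe` file and its MD5, the `DisableWindowsUpdateAccess` policy value, and `autorun.ini`). The function name is hypothetical, and looking for `autorun.ini` in drive roots is an assumption, since the thread does not say where that file appears.

```powershell
# Added example (not from the thread). Reports only; it deletes nothing.
function Test-RavsysIndicators {
    # Indicator values copied from the analysis quoted in the post
    $reportedMd5 = 'EC55FC7A83F60C7683B70E5DBC8E2F24'
    $exePath     = Join-Path $env:windir 'Ravsys.exe'
    $policyKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $findings    = @()

    # -Force so that hidden/system attributes do not hide the file
    if (Get-Item -LiteralPath $exePath -Force -ErrorAction SilentlyContinue) {
        $md5 = (Get-FileHash -LiteralPath $exePath -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
        if ($md5 -eq $reportedMd5) {
            $detail = 'MD5 matches the reported sample'
        } else {
            $detail = "present, MD5 is '$md5' (differs or unreadable)"
        }
        $findings += [pscustomobject]@{ Indicator = 'File'; Location = $exePath; Detail = $detail }
    }

    # An administrator can set this policy on purpose, so treat a hit as a lead
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableWindowsUpdateAccess -eq 1) {
        $findings += [pscustomobject]@{
            Indicator = 'Registry'
            Location  = "$policyKey\DisableWindowsUpdateAccess"
            Detail    = 'set to 0x00000001'
        }
    }

    # Assumption: autorun.ini sits in drive roots (the thread gives no path)
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $ini = Join-Path $drive.Root 'autorun.ini'
        if (Get-Item -LiteralPath $ini -Force -ErrorAction SilentlyContinue) {
            $findings += [pscustomobject]@{ Indicator = 'File'; Location = $ini; Detail = 'autorun.ini present' }
        }
    }
    return $findings
}

Test-RavsysIndicators | Format-Table -AutoSize
```

No output means none of the three indicators was found for the current user; run it again after a cleanup and reboot to see whether the files have been recreated.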